Policy

Configure log access (legacy)

This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. If you enable this policy setting, only users whose security descriptor matches the configured value can access the log. If you disable this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. If you do not configure this policy setting, the previous policy setting configuration remains in effect.

Policy
Pack Microsoft Windows
Category Windows Components / Event Log Service / System
Policy ID e0fc375878d0
Internal name Channel_Log_FileLogAccess_8

Registry

Copy registry mappings

HKLM\System\CurrentControlSet\Services\EventLog\System\CustomSD

Policy notes

This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. If you enable this policy setting, only users whose security descriptor matches the configured value can access the log. If you disable this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. If you do not configure this policy setting, the previous policy setting configuration remains in effect.

Related policies

Back up log automatically when fullConfigure log accessControl Event Log behavior when the log file reaches its maximum sizeControl the location of the log fileSpecify the maximum log file size (KB)